
change password and delete account

1 parent a622230 commit fad97ae727b1e497d364cffa06607ee77f11f7e3 Ivar Abrahamsen committed May 22, 2012
@@ -47,15 +47,6 @@ object Application extends Controller with Secured {
def index = Action { implicit request =>
Ok(views.html.index(EventController.searchForm, EventController.createForm, registerForm))
-// flash.get("eventId") match {
-// case None => {
-// session.get("eventId") match {
-// case None => Ok(views.html.index(EventController.searchForm, EventController.createForm, registerForm))
-// case Some(eventId) => Redirect(routes.EventController.viewEvent(eventId.toLong)).withSession(session - "eventId")
-// }
-// }
-// case Some(eventId) => Redirect(routes.EventController.viewEvent(eventId.toLong))
-// }
}
def showLogin = Action { implicit request =>
@@ -16,16 +16,6 @@ object ParticipantController extends Controller with Secured {
"username" -> nonEmptyText(maxLength = 99),
"fullname" -> optional(text(maxLength = 99)),
"email" -> optional(text(maxLength = 99))
-// "password" -> nonEmptyText(minLength = 4, maxLength = 99),
-// "confirm" -> nonEmptyText(minLength = 4, maxLength = 99)
-// ) verifying("Passwords does not match", fields => fields match {
-// case (username, fullname, email, password, confirmPassword) => {
-// password.trim == confirmPassword.trim
-// }
-// ) verifying("Username is already taken", fields => fields match {
-// case (username, fullname, email, password, confirmPassword) => {
-// !Participant.findByUsername(username.trim).isDefined
-// }
) verifying("Email address is not valid", fields => fields match {
case (username, fullname, email ) => {
email match {
@@ -36,6 +26,18 @@ object ParticipantController extends Controller with Secured {
})
)
+ val passwordForm = Form(
+ tuple(
+ "password" -> nonEmptyText(minLength = 4, maxLength = 99),
+ "newpassword" -> nonEmptyText(minLength = 4, maxLength = 99),
+ "confirm" -> nonEmptyText(minLength = 4, maxLength = 99)
+ ) verifying("Passwords does not match", fields => fields match {
+ case ( password, newPassword, confirmPassword) => {
+ newPassword.trim == confirmPassword.trim
+ }
+ })
+ )
+
def viewParticipant(participantId: Long) = Action { implicit request =>
Participant.findById(participantId).map { participant =>
Ok(views.html.participant.viewparticipant(participant,Event.findAllEventsAsParticipantOrOrganiser(participantId),updateParticipantForm.fill((participant.username,participant.fullName,participant.email))))
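Review bot: The `verifying` clause in `passwordForm` compares `newPassword.trim` with `confirmPassword.trim`, but `changePassword` in the next hunk stores `passwords._2` untrimmed. A value with stray leading or trailing whitespace therefore passes validation and is saved as typed, which may not be the string the user believes they confirmed. Either compare the raw strings, `newPassword == confirmPassword`, or trim once and store the trimmed value. `minLength = 4` is also a very low floor for a new password and deserves a higher minimum.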
@@ -58,14 +60,47 @@ object ParticipantController extends Controller with Secured {
fullName = updatedForm._2,
email = updatedForm._3)
Participant.updateParticipant(updatedParticipant)
- Redirect(routes.ParticipantController.viewParticipant(participantId));
+ Redirect(routes.ParticipantController.viewParticipant(participantId)).flashing("message" -> "Participant updated")
}.getOrElse{
NotFound.flashing("message" -> "Participant not found")
}
}
)
}
- def deleteParticipant(participantId: Long) = TODO
+ def confirmDeleteParticipant(participantId: Long) = withParticipant { participant => implicit request =>
+ if(participant.participantId == participantId){
+ Ok(views.html.participant.deleteparticipant(participant))
+ } else {
+ Logger.warn("Participant:" + participant.participantId + " can not delete " + participantId)
+ Unauthorized.flashing("messageError"->"Can only delete your own account")
+ }
+ }
+
+ def deleteParticipant(participantId: Long) = withParticipant { participant => implicit request =>
+ if(participant.participantId == participantId){
+ Logger.info("Participant deleted:" + participantId + " | " + participant.username)
+ participant.deleteAccount
+ Redirect(routes.Application.index()).withNewSession;
+ } else {
+ Logger.warn("Participant:" + participant.participantId + " can not delete " + participantId)
+ Unauthorized.flashing("messageError"->"Can only delete your own account")
+ }
+ }
+
+ def changePassword(participantId: Long) = withParticipant { participant => implicit request =>
+ passwordForm.bindFromRequest.fold(
+ errors => {
+ Logger.warn("Bad change passwords request:"+errors)
+ BadRequest(views.html.participant.viewparticipant(participant,Event.findAllEventsAsParticipantOrOrganiser(participantId),updateParticipantForm)).flashing("messageError"->"Password change failed")
+ },
+ passwords => {
+ val newParticipant = participant.copy(password = Option(passwords._2))
+ Logger.info("Changing password for " + participantId)
+ Participant.updatePassword(newParticipant)
+ Redirect(routes.ParticipantController.viewParticipant(participantId)).flashing("message" -> "Password changed")
+ }
+ )
+ }
}
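Review bot: `changePassword` binds the current password as `passwords._1` but never checks it before calling `Participant.updatePassword`, so a valid session alone is enough to set a new password. Verify `passwords._1` against the stored credential with the same check the login path uses (not visible in this diff), and return the existing `BadRequest` branch on a mismatch. The action also lacks the `if(participant.participantId == participantId)` guard that both delete actions have; the update itself uses the session participant, but the log line and the redirect use the id from the URL. Finally, `Logger.warn("Bad change passwords request:"+errors)` concatenates the bound form, which presumably carries the submitted password fields; log only the failing keys, e.g. `errors.errors.map(_.key)`.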
@@ -110,4 +110,18 @@ object Album {
}
}
+
+ def deleteAllAlbumsByEvent(eventId: Long) {
+ DB.withConnection { implicit connection =>
+ SQL(
+ """
+ DELETE FROM snapalbum
+ WHERE eventid = {eventid}
+ """
+ ).on(
+ 'eventid -> eventId
+ ).execute()
+ }
+ }
+
}
@@ -171,6 +171,9 @@ object Event {
}
def deleteEvent(eventId: Long){
+ removeAllJoinRequestsByEvent(eventId)
+ removeAllParticipantsByEvent(eventId)
+ Album.deleteAllAlbumsByEvent(eventId)
DB.withConnection { implicit connection =>
SQL(
"""
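Review bot: The three cleanup calls added at the top of `deleteEvent` each open their own `DB.withConnection` (see `removeAllJoinRequestsByEvent`, `removeAllParticipantsByEvent` and `Album.deleteAllAlbumsByEvent` in the other hunks). The cascade is therefore not atomic, and a failure part-way leaves an event whose participants or albums are already gone. `Participant.deleteAccount` chains four such calls and has the same problem, made worse by the controller logging "Participant deleted" before the work starts. Running the steps inside one `DB.withTransaction { implicit connection => ... }` and passing that connection to the helpers would make the deletion all-or-nothing. The body of `deleteEvent` continues outside this hunk.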
@@ -223,7 +226,7 @@ object Event {
}
- private def findAllEventsByOrganiser(organiserId: Long) = {
+ def findAllEventsByOrganiser(organiserId: Long) = {
DB.withConnection { implicit connection =>
SQL(
"""
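Review bot: Dropping `private` from `findAllEventsByOrganiser` (and from `findAllEventsByParticipant` in the next hunk) widens the model's public surface without a visible need. The only new caller in this commit, `removeAllEventsByOrganiser`, lives inside `object Event` and would compile against the private version, and `findAllEventsByParticipant` is referenced only from a commented-out line. Unless a caller outside this diff requires them, keep both `private` so queries by arbitrary participant id stay reachable only through methods that are meant to be called from controllers. Both function bodies continue outside their hunks.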
@@ -238,7 +241,7 @@ object Event {
}
}
- private def findAllEventsByParticipant(participantid: Long) = {
+ def findAllEventsByParticipant(participantid: Long) = {
DB.withConnection { implicit connection =>
SQL(
"""
@@ -416,4 +419,68 @@ object Event {
}
+ def removeAllJoinRequestsByParticipant(participantId: Long) {
+ DB.withConnection { implicit connection =>
+ SQL(
+ """
+ delete from eventrequests
+ where participantid = {participantid}
+ """
+ ).on(
+ 'participantid -> participantId
+ ).execute()
+ }
+ }
+
+ private def removeAllJoinRequestsByEvent(eventId: Long) {
+ DB.withConnection { implicit connection =>
+ SQL(
+ """
+ delete from eventrequests
+ where eventid = {eventid}
+ """
+ ).on(
+ 'eventid -> eventId
+ ).execute()
+ }
+ }
+
+
+
+ private def removeAllParticipantsByEvent(eventId: Long) {
+ DB.withConnection { implicit connection =>
+ SQL(
+ """
+ delete from eventparticipant
+ where eventid = {eventid}
+ """
+ ).on(
+ 'eventid -> eventId
+ ).execute()
+ }
+ }
+
+
+
+ def removeParticipantFromAllEvents(participantId: Long) {
+// findAllEventsByParticipant(participantId).map { event =>
+ // TODO: delete albums by participant
+// }
+ DB.withConnection { implicit connection =>
+ SQL(
+ """
+ delete from eventparticipant
+ where participantid = {participantid}
+ """
+ ).on(
+ 'participantid -> participantId
+ ).execute()
+ }
+ }
+
+ def removeAllEventsByOrganiser(participantId: Long) = {
+ findAllEventsByOrganiser(participantId).map { event =>
+ Event.deleteEvent(event.eventId)
+ }
+ }
}
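Review bot: `removeParticipantFromAllEvents` leaves album clean-up as a commented-out loop with `// TODO: delete albums by participant`, while the new confirmation page tells the user that their albums will be deleted. Until that step exists, albums the participant added to other people's events appear to survive account deletion; either implement it or adjust the page text so the promise matches the behaviour. Separately, `removeAllEventsByOrganiser` uses `.map` purely for its side effect; `findAllEventsByOrganiser(participantId).foreach { event => Event.deleteEvent(event.eventId) }` states the intent and avoids building a throwaway collection.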
@@ -24,6 +24,13 @@ case class Participant(
Event.createAndSaveEvent(new Event(eventName,participantId,Participant.DateFormat.format(new java.util.Date())))
}
+ def deleteAccount {
+ Event.removeAllJoinRequestsByParticipant(participantId)
+ Event.removeParticipantFromAllEvents(participantId)
+ Event.removeAllEventsByOrganiser(participantId)
+ Participant.deleteParticipant(participantId)
+ }
+
}
@@ -198,7 +205,6 @@ object Participant {
def updateParticipant(participant: Participant) = {
- Logger.info("Updating : " + participant)
findById(participant.participantId) match {
case Some(existingParticipant) => {
DB.withConnection { implicit connection =>
@@ -225,5 +231,41 @@ object Participant {
}
+ def updatePassword(participant: Participant) = {
+ findById(participant.participantId) match {
+ case Some(existingParticipant) => {
+ DB.withConnection { implicit connection =>
+ SQL(
+ """
+ UPDATE participant
+ SET password = {password}
+ WHERE participantid = {participantid}
+ """
+ ).on(
+ 'participantid -> participant.participantId,
+ 'password -> participant.encryptedPassword
+ ).executeInsert()
+ }
+ }
+ case None => {
+ throw new NullPointerException("Participant not found")
+ }
+ }
+ }
+
+ def deleteParticipant(participantId: Long) {
+ Logger.info("Deleting participant: " + participantId)
+ DB.withConnection { implicit connection =>
+ SQL(
+ """
+ DELETE FROM participant
+ WHERE participantid = {participantid}
+ """
+ ).on(
+ 'participantid -> participantId
+ ).execute()
+ }
+ }
+
}
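Review bot: `updatePassword` finishes its `UPDATE` with `.executeInsert()`, which is meant for `INSERT` statements that return generated keys. Use `.executeUpdate()` and treat a row count of 0 as "participant not found", which also removes the separate `findById` round trip and the gap between the check and the write. Throwing `NullPointerException("Participant not found")` for a missing row is misleading to callers; `NoSuchElementException` or an `Option`/`Boolean` result would fit better. What `participant.encryptedPassword` produces is not visible in this diff, so confirm that it is a salted, deliberately slow password hash rather than reversible encryption.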
@@ -22,7 +22,7 @@
@form(action = routes.EventController.deleteEvent(event.eventId), 'class -> "form-horizontal"){
<div class="form-actions">
<button type="submit" class="btn btn-danger">Delete event</button>
- <a href="@routes.EventController.viewEvent(event.eventId)"><button type="button" class="btn">Cancel</button></a>
+ <a class="btn" href="@routes.EventController.viewEvent(event.eventId)">Cancel</a>
</div>
}
@@ -75,10 +75,16 @@
</fieldset>
}
+ <p class="alert alert-warning">
+ Please note this is a system in development.
+ Data may not be persisted over time.
+ </p>
}
+
+
<style>
#jib .breadcrumb { display: none; }
</style>
@@ -61,7 +61,7 @@ <h1 class="fill">
<li><a href="http://flurdy.com/contact/" target="_blank">Contact</a></li>
<li class="login-link">
@currentParticipant match {
- case Some(participant) => {<a href="@routes.Application.logout" rel="nofollow">Log out: @participant.username</a>
+ case Some(participant) => {<a href="@routes.Application.logout" rel="nofollow">Log out</a></li><li class="login-link"><a href="@routes.ParticipantController.viewParticipant(participant.participantId)">@participant.username</a>
}
case None => {<a href="@routes.Application.showLogin" rel="nofollow">Log in</a></li><li class="login-link"><a href="@routes.Application.showRegister">Register</a>
}
@@ -0,0 +1,32 @@
+@(participant: Participant)(implicit currentParticipant: Option[Participant])
+
+@import helper._
+@import helper.twitterBootstrap._
+@import models._
+
+@main(" snaps | delete account"){
+<li>
+ <span class="divider">/</span>
+ <a href="@routes.ParticipantController.viewParticipant(participant.participantId)">Participant</a>
+</li>
+} {
+
+ <h2>Delete account</h2>
+ <br/>
+ <h3>Participant: @participant.username</h3>
+ <br/>
+ <div class="alert alert-block">
+ Please confirm you want to delete your account
+ <br/><br/>
+ Note this will also delete your albums and events
+ </div>
+
+@form(action = routes.ParticipantController.deleteParticipant(participant.participantId), 'class -> "form-horizontal"){
+<div class="form-actions">
+ <button type="submit" class="btn btn-danger">Delete account</button>
+ <a class="btn" href="@routes.ParticipantController.viewParticipant(participant.participantId)">Cancel</a>
+</div>
+}
+
+
+}
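Review bot: The delete form submits straight to `routes.ParticipantController.deleteParticipant` with only the session to authorise it; the markup has no anti-forgery token and no password field. Since the action permanently removes the account together with its events and albums, consider adding a current-password input here and checking it in `deleteParticipant` before `participant.deleteAccount` runs. Also confirm that the route is mapped to POST only, since the routes file is not part of this page.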